TY - GEN
T1 - Efficiency preserving transformations for concurrent non-malleable zero knowledge
AU - Ostrovsky, Rafail
AU - Pandey, Omkant
AU - Visconti, Ivan
PY - 2010
Y1 - 2010
N2 - Ever since the invention of Zero-Knowledge by Goldwasser, Micali, and Rackoff [1], Zero-Knowledge has become a central building block in cryptography - with numerous applications, ranging from electronic cash to digital signatures. The properties of Zero-Knowledge range from the most simple (and not particularly useful in practice) requirements, such as honest-verifier zero-knowledge to the most demanding (and most useful in applications) such as non-malleable and concurrent zero-knowledge. In this paper, we study the complexity of efficient zero-knowledge reductions, from the first type to the second type. More precisely, under a standard complexity assumption (ddh), on input a public-coin honest-verifier statistical zero knowledge argument of knowledge π′ for a language L we show a compiler that produces an argument system π for L that is concurrent non-malleable zero-knowledge (under non-adaptive inputs - which is the best one can hope to achieve [2,3]). If κ is the security parameter, the overhead of our compiler is as follows: - The round complexity of π is r + Õ(log k) rounds, where r is the round complexity of π′. - The new prover P (resp., the new verifier ν) incurs an additional overhead of (at most) r + k·Õ(log2 k) modular exponentiations. If tags of length are provided, the overhead is only r + Õ(log2 k) modular exponentiations. The only previous concurrent non-malleable zero-knowledge (under non-adaptive inputs) was achieved by Barak, Prabhakaran and Sahai [4]. Their construction, however, mainly focuses on a feasibility result rather than efficiency, and requires expensive NP-reductions.
AB - Ever since the invention of Zero-Knowledge by Goldwasser, Micali, and Rackoff [1], Zero-Knowledge has become a central building block in cryptography - with numerous applications, ranging from electronic cash to digital signatures. The properties of Zero-Knowledge range from the most simple (and not particularly useful in practice) requirements, such as honest-verifier zero-knowledge to the most demanding (and most useful in applications) such as non-malleable and concurrent zero-knowledge. In this paper, we study the complexity of efficient zero-knowledge reductions, from the first type to the second type. More precisely, under a standard complexity assumption (ddh), on input a public-coin honest-verifier statistical zero knowledge argument of knowledge π′ for a language L we show a compiler that produces an argument system π for L that is concurrent non-malleable zero-knowledge (under non-adaptive inputs - which is the best one can hope to achieve [2,3]). If κ is the security parameter, the overhead of our compiler is as follows: - The round complexity of π is r + Õ(log k) rounds, where r is the round complexity of π′. - The new prover P (resp., the new verifier ν) incurs an additional overhead of (at most) r + k·Õ(log2 k) modular exponentiations. If tags of length are provided, the overhead is only r + Õ(log2 k) modular exponentiations. The only previous concurrent non-malleable zero-knowledge (under non-adaptive inputs) was achieved by Barak, Prabhakaran and Sahai [4]. Their construction, however, mainly focuses on a feasibility result rather than efficiency, and requires expensive NP-reductions.
UR - https://www.scopus.com/pages/publications/77949601417
U2 - 10.1007/978-3-642-11799-2_32
DO - 10.1007/978-3-642-11799-2_32
M3 - Conference contribution
AN - SCOPUS:77949601417
SN - 3642117988
SN - 9783642117985
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 535
EP - 552
BT - Theory of Cryptography - 7th Theory of Cryptography Conference, TCC 2010, Proceedings
PB - Springer Verlag
T2 - 7th Theory of Cryptography Conference, TCC 2010
Y2 - 9 February 2010 through 11 February 2010
ER -